Network World - The watchdogs at the Government Accountability Office this week issued a report that takes a look at what information, or guidance as they call it, is available to help government agencies and public sector companies bulk up their cybersecurity efforts.
Since a GAO report late last year showed reports of security incidents from federal agencies have increased more than 650% over the past five years, the need for a community of help on the cybersecurity front is needed.
MORE ON SECURITY: IRS: Top 10 things every taxpayer should know about identity theft
Inside the current report, the GAO included a list and definitions of some of the more common, and perhaps some not-so-common, security exploits that federal agencies and private firms are hit with. Here's the list:
• Cross-site scripting: An attack that uses third-party web resources to run script within the victim's web browser or scriptable application. This occurs when a browser visits a malicious website or clicks a malicious link. The most dangerous consequences occur when this method is used to exploit additional vulnerabilities that may permit an attacker to steal cookies (data exchanged between a web server and a browser), log key strokes, capture screen shots, discover and collect network information, and remotely access and control the victim's machine.
• Denial-of-service: An attack that prevents or impairs the authorized use of networks, systems, or applications by exhausting resources.
• Distributed denial-of-service: A variant of the denial-of-service attack that uses numerous hosts to perform the attack.
• Logic bomb: A piece of programming code intentionally inserted into a software system that will cause a malicious function to occur when one or more specified conditions are met.
• Phishing: A digital form of social engineering that uses authentic-looking -- but fake -- e-mails to request information from users or direct them to a fake website that requests information.
• Passive wiretapping: The monitoring or recording of data, such as passwords transmitted in clear text, while they are being transmitted over a communications link. This is done without altering or affecting the data.
• SQL injection: An attack that involves the alteration of a database search in a web-based application, which can be used to obtain unauthorized access to sensitive information in a database.
• Trojan horse: A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms by, for example, masquerading as a useful program that a user would likely execute.
• Virus: A computer program that can copy itself and infect a computer without the permission or knowledge of the user. A virus might corrupt or delete data on a computer, use e-mail programs to spread itself to other computers, or even erase everything on a hard disk. Unlike a computer worm, a virus requires human involvement (usually unwitting) to propagate.
• War driving: The method of driving through cities and neighborhoods with a wireless-equipped computer -- sometimes with a powerful antenna -- searching for unsecured wireless networks.
Rss Feed
The Connected Enterprise
You are previewing premium content. 
